Public private partnership results in arrests of two suspected malware creators

The reFUD.me malware services website has been taken down thanks to a joint effort between the National Crime Agency and Trend Micro.


A partnership between the National Crime Agency and Trend Micro has resulted in the arrest of two people on suspicion of running the reFUD.me website for malware creators.

reFUD.me provided a range of services for malware creators, the NCA claims, including test scans that showed whether a sample would be flagged by anti-malware engines, and code-rewriting tools to help disguise it.

The suspects are a 22-year-old man and a 22-year-old woman from Colchester, Essex, who were detained as a result of a partnership between the NCA's National Cyber Crime Unit (NCCU) and Trend Micro.

In June, the NCA announced that it had enlisted Trend Micro and Intel Security to provide real-time intelligence as “virtual threat teams”, a collaboration that had already yielded results in fighting GameOverZeus, Cryptolocker, Blackshades and Beebone.

reFUD.me provided both free and paid-for services for malware creators. The scan service enabled developers to keep changing their packages until they became FUD, fully undetectable by the engines tested against. The site claimed to have conducted over 1.2 million scans since February 2015.

The site also offered Cryptex Reborn, a paid-for service for disguising malware by making modifications to bypass detection engines, which the NCA described as among the most sophisticated it had seen in recent years.

“This ongoing investigation shows how the NCA is taking its work with industry to combat cyber-crime to the next level,” said Steve Laval, from the NCA's National Cyber Crime Unit.

“We will continue to work in partnership to help protect people from threats like malicious software infections and to identify and pursue suspected offenders,” Laval said.

“This investigation is the result of Trend Micro's collaboration with the NCA and other partners to tackle some of the core components that enable cybercriminal business models to exist,” said Martin Rösler, senior director of threat research, Trend Micro. “Helping to take down operations such as this is part of our ongoing effort to keep the world safe for exchanging digital information, for both our customers and the Internet at large.”

Trend said that reFUD.me was heavily advertised on hacking sites such as hackforums.net. Since it first appeared in February 2015, it has undergone a number of upgrades, including a 'scanwatch' feature added in June.

“Trend Micro has long believed that public-private collaboration is key to a lasting solution against cybercrime. In October, we partnered with the Federal Bureau of Investigation (FBI) and several security vendors to take down the DRIDEX botnet known for targeting banks. We have also collaborated with the International Criminal Police Organization (INTERPOL) and other vendors to take down the SIMDA botnet early this year,” the company said in a blog post.